deploy: cc8574c

.buildinfo

@@ -1,4 +1,4 @@
 # Sphinx build info version 1
 # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: 86fc740097d609314737dab88d900c97
+config: 5f81b5d93fb6e5173cd9dedd0b8ea19c
 tags: 645f666f9bcd5a90fca523b33c5a78b7

CONTRIBUTING.html

@@ -1,25 +1,23 @@
+
+
 <!DOCTYPE html>
 <html class="writer-html5" lang="en" data-content_root="./">
 <head>
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Contributing &mdash; CycloneDX Editor Validator Tool 0.19.0 documentation</title>
+  <title>Contributing &mdash; CycloneDX Editor Validator Tool 0.20.0 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
-      <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=19f00094" />
+      <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
       <link rel="stylesheet" type="text/css" href="_static/css/festo-web-essentials.css" />
       <link rel="stylesheet" type="text/css" href="https://www.festo.com/fonts/fonts.css" />
 
 
-  <!--[if lt IE 9]>
-    <script src="_static/js/html5shiv.min.js"></script>
-  <![endif]-->
-
-        <script src="_static/jquery.js?v=5d32c60e"></script>
-        <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-        <script src="_static/documentation_options.js?v=cbfb3150"></script>
-        <script src="_static/doctools.js?v=9a2dae69"></script>
-        <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
+      <script src="_static/jquery.js?v=5d32c60e"></script>
+      <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
+      <script src="_static/documentation_options.js?v=b52c616d"></script>
+      <script src="_static/doctools.js?v=9a2dae69"></script>
+      <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />

_sources/usage/init-sbom.rst.txt

@@ -0,0 +1,79 @@
+============
+init-sbom
+============
+
+.. argparse::
+    :filename: ./cdxev/__main__.py
+    :func: create_parser
+    :prog: cdx-ev
+    :path: init-sbom
+
+    This command provides a first draft of an SBOM for manual completion.
+
+    The created SBOM is according to the CycloneDX specification version 1.6.
+
+Optional inputs
+---------------
+
+    Values for some fields can be provided to the command, those are:
+
+    * The name for one author of the SBOM (metadata.authors[0].name) using the flag `--authors`,
+    * The name of the supplier of the software (metadata.component.supplier.name) using the flag `--supplier`,
+    * The name of the software (metadata.component.name) using the flag `--name`,
+    * The version of the software (metadata.component.version) using the flag `--version`.
+
+Examples::
+
+    # Write an SBOM draft with default content to bom.json
+    cdx-ev init-sbom -o bom.json
+
+    # Write an SBOM draft with a submitted software name, version, supplier and author of the SBOM to bom.json
+    cdx-ev init-sbom --name "my software" --supplier "acme inc." --version "1.1.1" --author "acme inc"  -o bom.json
+
+The above provided example without passing arguments to `init-sbom` would result in: ::
+
+    {
+        "dependencies": [
+            {
+                "ref": "An optional identifier which can be used to reference the component elsewhere in the SBOM."
+            }
+        ],
+        "metadata": {
+            "authors": [
+                {
+                    "email": "The email address of the contact.",
+                    "name": "The person who created the SBOM.",
+                    "phone": "The phone number of the contact."
+                }
+            ],
+            "component": {
+                "bom-ref": "An optional identifier which can be used to reference the component elsewhere in the SBOM.",
+                "copyright": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.",
+                "name": "The name of the component described by the SBOM.",
+                "supplier": {
+                    "name": "The name of the organization that supplied the component."
+                },
+                "type": "application",
+                "version": "The component version."
+            },
+            "timestamp": "2024-10-27T10:56:40.095452+01:00",
+            "tools": [
+                {
+                    "externalReferences": [
+                        {
+                            "type": "website",
+                            "url": "https://github.com/Festo-se/cyclonedx-editor-validator"
+                        }
+                    ],
+                    "name": "cyclonedx-editor-validator",
+                    "vendor": "Festo SE & Co. KG",
+                    "version": "0.0.0"
+                }
+            ]
+        },
+        "serialNumber": "urn:uuid:1fa01e4f-04f0-4208-9ea3-b53de58fd6a0",
+        "version": 1,
+        "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+        "bomFormat": "CycloneDX",
+        "specVersion": "1.6"
+    }

_sources/usage/list.rst.txt

@@ -0,0 +1,84 @@
+============
+list
+============
+
+.. argparse::
+    :filename: ./cdxev/__main__.py
+    :func: create_parser
+    :prog: cdx-ev
+    :path: list
+
+    This command lists content of the SBOM. It can currently provide a list:
+
+    * of the license information in the SBOM using the ``licenses`` operation,
+    * of the components in the SBOM using the ``components`` operation.
+
+    The information can be displayed as a text file or in csv format.
+
+
+Output Format
+-------------
+
+The txt format for license information (derived from the format of `Apache NOTICE files <https://infra.apache.org/licensing-howto.html>`_) has the structure: ::
+
+    Metadata component name:
+    Metadata component copyright
+    Metadata component license 1
+    Metadata component license 2
+    ...
+
+    This product includes material developed by third parties:
+
+    component 1 name:
+    component 1 copyright
+    component 1 license 1
+    component 1 license 1
+    ...
+
+    component 2 name:
+    component 2 copyright
+    component 2 license 1
+    component 2 license 2
+    ...
+
+
+The txt format for component information has the structure: ::
+
+    Metadata component name
+    Metadata component version
+    Metadata component supplier name
+
+    This product includes material developed by third parties:
+
+    component 1 name
+    component 1 version
+    component 1 supplier name
+
+    ...
+
+
+The csv format for license information has the structure: ::
+
+    Name,Copyright,Licenses
+    "Metadata component name","Metadata component copyright","Metadata component license 1;..."
+    "component 1 name","component 1 copyright","component 1 license 1;component 1 license 2..."
+    "component 2 name","component 2 copyright",""
+    ...
+
+
+The csv format for component information has the structure: ::
+
+    Name,Version,Supplier
+    "Metadata component name","Metadata component version","Metadata component supplier name"
+    "component 1 name","component 1 version","component 1 supplier name"
+    "component 2 name","","component 2 supplier name"
+    ...
+
+
+Examples::
+
+    # List the license information from bom.json
+    cdx-ev list licenses bom.json
+
+    # List the components from bom.json
+    cdx-ev list components bom.json

_sources/usage/set.rst.txt

@@ -22,7 +22,7 @@ The *target component* can be identified through any of the identifiable propert
 
 If *coordinates* are used to identify the target, they must match the component fully. In other words, if **only** *name* is given, it will **only match** components with that name which do **not** contain *version* or *group* fields.
 
-In *coordinates* it is also possible to provide a range of versions using the *version-range* parameter instead of *version* following the `PURL specification <https://github.com/package-url/purl-spec/blob/version-range-spec/VERSION-RANGE-SPEC.rst>`_ as referenced by `CycloneDX <https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_affects_items_versions_items_range>`_.
+In *coordinates* it is also possible to provide a range of versions using the *version-range* parameter instead of *version* following the `PURL specification <https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst>`_ as referenced by `CycloneDX <https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_affects_items_versions_items_range>`_.
 
 The version range has the format::
 

_static/documentation_options.js

@@ -1,5 +1,5 @@
 const DOCUMENTATION_OPTIONS = {
-    VERSION: '0.19.0',
+    VERSION: '0.20.0',
     LANGUAGE: 'en',
     COLLAPSE_INDEX: false,
     BUILDER: 'html',